Back to overview

CVE-2026-14250

MEDIUM
6.3
CVSS 3.1
Description
The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and validating it only against get_editable_roles() — which returns every defined editable site role, including 'editor' — before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role.

Metadata

CVE ID
CVE-2026-14250
State
PUBLISHED
Assigner
Wordfence
Reserved
2026-06-30 14:19 UTC
Published
2026-07-08 11:30 UTC
Last updated
2026-07-08 12:38 UTC
Primary CWE
CWE-269
CWE-269 Improper Privilege Management
Vendor / Product
themehunk / TH Login Registration
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
themehunk TH Login Registration 0 ≤ 1.0.2
Weakness (CWE)
CWESourceDescription
CWE-269 cna CWE-269 Improper Privilege Management
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Back to overview